You thought a hearty "Congratulations!" would be in
order. Your online business was still in its first week and had
already received a whopping $5,000 order. There was just one
catch-it had been placed with a stolen credit card number. The
tip-off came when you saw that the order, ostensibly placed by a
credit card holder with a U.S. billing address, was to be shipped
to faraway Indonesia. A quick phone call to the real card holder,
who told you she didn't have the foggiest idea about the order,
confirmed your suspicion.

Sometimes, sniffing out fraudulent transactions can be a matter
of common sense. While online fraud tactics are be-coming
increasingly sophisticated, preventing credit card fraud
doesn't have to require expensive monitoring tools. Much of
fraud prevention lies in knowing how fraud works.

Take, for example, this loophole in shipping companies'
customer service policies: Any allegedly legitimate buyer can ask
his merchant for the tracking number of his shipped order; the
customer can then call the shipping company with the number and
change the shipping address. This allows a person with a fraudulent
credit card to clear a merchant's antifraud Address
Verification System (AVS), which ensures that the customer's
credit card billing and shipping information match bank records and
each other. After having his or her order approved, any poseur can
obtain his or her package's tracking number and change the
original delivery address to his or her own.

Developing a policy of withholding the tracking numbers of
overnight packages until delivery time has passed can serve as a
simple but effective part of your strategy against electronic
credit card fraud.

Mie-Yun Lee is the founder and editorial director of BuyerZone.com, an Internet
purchasing hub for small businesses. Kaukab Jhumra contributed to
this article.

Risky Business

Online merchants take on much higher risk than their
brick-and-mortar counterparts: Nearly 10 percent of all Internet
transactions are fraudulent, compared to less than 1 percent of
credit card transactions in the physical world, according to a 1999
report by Meridien Research. (The company does, however, expect
Internet fraud to drop to below 5 percent in its 2000 report.)

Internet merchants also assume higher penalties for credit card
purchases than do physical stores, paying as much as 2.69 percent
and 30 cents (compared to 1.5 percent and 20 cents) on every
Net-based transaction. Why are online fraud rates so high? Unlike
face-to-face transactions, where a signed receipt serves as a
contract protecting the merchant against identity fraud,
transactions made over the phone or online do not guarantee the
card user's identity. This means anyone with access to old
credit card receipts or illegal software that generates authentic
credit card numbers can attempt to use those numbers to buy online.
Even worse, the merchant must assume all the risk in such
non-face-to-face transactions.

Julie Ferguson, co-founder and vice president of emerging
technologies for e-commerce software company ClearCommerce in
Austin, Texas, and founding member and board member for the newly
launched nonprofit Worldwide E-commerce Fraud Prevention Network,
says the total costs of e-fraud add up to far more than just the
cost of goods sold. In fact, merchants are fined for chargebacks,
or reversals, against disputed credit card sales. E-fraud costs
thus include the cost of the order, bank and card processor fees
(including higher discount rates, chargeback fees, fines and even
termination of processor service for excessive chargebacks), the
expense of manually resolving bad trans-actions and the decline in
customer loyalty.

Anti-Fraud Measures

You can fight back against online credit card fraud by investing
in fraud-detection software, either separately or as part of your
credit card processing service. So-called store-in-a-box solutions
can provide a generally easy and inexpensive system for processing
credit cards, including pre-authorization with Visa and Mastercard.
(For more on stores-in-a-box, see "Bizstartups.com".)

If the anti-fraud tools that come bundled with your e-commerce
so-lution provider or your credit card pro-cessing service
aren't as robust as you want, however, you can invest in
separate anti-fraud software and integrate it with your
payment-processing service. These tools typically include real-time
authorization capabilities to ensure the card number and expiration
date are valid and customer funds are sufficient. Within the United
States, tools also include AVSes. More advanced anti-fraud tools
incorporate rules systems that are able to flag certain types of
transactions based on customizable if/then statements (such as
"IF the order is above $1,000 AND the shipping is express THEN
review the order") and statistical models that learn by
example and correlate trans-action attributes with known fraudulent
activity.

Businesses serious about their fraud prevention often develop
in-house historical databases that capture past orders, customer
names, and valid and invalid shipping information. They may also
use systems to rate each transaction for the likelihood of fraud
through a series of checks.

Helping Hands

Over the past two years, two nonprofit industry groups have
formed to help merchants shield themselves from the slings and
arrows of online credit card fraud. One is the Internet Fraud Prevention Advisory
Council, supported by the Internet di-vision of HNC Software, a
San Diego provider of Internet fraud risk management solutions. The
other, the Worldwide
E-Commerce Fraud Prevention Network, with free membership for
all merchants, is being spearheaded and funded for the first year
by American Express. Both groups aim to educate online merchants
about anti-fraud practices as well as research and identify
developing trends in Internet fraud and promote new fraud detection
technology. The Fraud Prevention Network also offers helpful tools
such as the "Fraud Test"-a quick, self-diagnostic
questionnaire on its Web site that helps you pinpoint where your
e-business may be most vulnerable to credit card fraud.

If you can't afford anti-fraud software, Ferguson offers
tips on how you can gather what she calls the low-hanging fruit of
fraud prevention. The best anti-fraud defense you can have, she
says, is awareness of typical fraudulent behavior. Require all
order-form fields to be filled in, and make sure credit card
numbers match the card type (Visa, MasterCard or American Express).
E-mail a receipt of the order to the address provided or call the
consumer-you'll soon find out whether the contact information
is fake. And be careful when you receive an order form with a free
Internet-based e-mail account, as such accounts can be registered
quite easily. Know your average order amounts and be suspicious of
extraordinary orders as well as large-dollar orders of many
low-priced items. Flag large orders that ask for express or P.O.
Box shipping.

While one element alone may not be a telltale sign of fraud, a
combination of a few could spell trouble. If several card numbers
are attempted from the same IP address (a computer's location
on the Internet) before one is finally accepted by your system, be
very suspicious, Ferguson says-they could be mathematically
generated from illegal, easily downloadable software. Encrypt data
maintained on da-tabases or files accessible from the Internet, and
immediately investigate and report to your credit card merchant any
suspected loss of account or transaction information.

Online credit card fraud cost U.S. merchants $400 million by the
end of 2000, according to Meridien Research. Developing an
anti-fraud strategy now could help lessen your share of the
burden.